As the information society continues to develop, the necessity of information security technologies for securely protecting information used increases. One configuration element of information security technologies are encryption technologies, and encryption technologies are currently used by various products and systems.
Though there are various types of encryption processing algorithms, one of the basic technologies is called a shared key block encryption. According to the shared key block encryption, a key for encryption and a key for decryption are shared items. In both the encryption processing and the decryption processing, multiple keys are generated from these shared keys, and a data conversion processing is repeatedly executed in block data units of a certain block unit such as 64 bits, 128 bits, 256 bits, or other.
DES (Data Encryption Standard), which was the previous US standard, and AES (Advanced Encryption Standard), which is the current US standard, are known as representative shared key block encryption algorithms. Other various shared key block encryptions continue to be proposed, and the CLEFIA proposed by Sony Corporation in 2007 is also a shared key block encryption.
These kind of shared key block encryption algorithms are mainly configured with an encryption processing part including a round function executing unit for repeatedly executing conversions of input data, and a key scheduling part for generating round keys to be applied at each round regarding the round function unit. The key scheduling part first generates an expanded key in which the bit count is increased on the basis of a master key (master key), which is a secret key, and generates round keys (secondary keys) to be applied at each round function unit regarding the encryption processing part, based on the generated expanded key.
Configurations for repeatedly executing the round function including linear conversion units and non-linear conversion units are known as specific configurations of these kinds of algorithms. Representative structures include the Feistel structure and the generalized Feistel structure, for example. The Feistel structure and the generalized Feistel structure include structures that convert plaintext into ciphertext by the repetition of a simple round function including an F function as a data conversion function. The linear conversion processing and the non-linear conversion processing are executed by the F function. Further, NPL 1 and NPL 2 are examples of literature which discloses encryption processing applying Feistel structures.
Conversely, various new techniques are emerging such as a technique in which analysis of encryption algorithms or analysis of keys are illegally executed to perform cryptanalysis. One example of this is the related key attack. Though various countermeasures have been considered to deal with these kinds of attacks, the current state is that these are not sufficient.